Even rocket scientists use dumb passwords

Written by

Share

Written by

The world’s largest professional organization of engineers exposed nearly 100,000 passwords of its members on a publicly available server, a computer scientist in Denmark reported today. But many of the eggheaded engineers had passwords just as obvious and insecure as the rest of us.

The Institute of Electrical and Electronics Engineers just confirmed the incident in an email to me, apologizing for the breach and saying “the issue has been addressed and resolved.” Radu Dragusin, the programmer who first discovered the exposed passwords, usernames, and other information, published a fascinating analysis of the data at ieeelog.com, including some maps of IEEE’s far-flung members. But I fixated on his list of the most common passwords:

123456

ieee2012

12345678

123456789

password

library

1234567890

123

12345

1234

ADMIN123

IEEE2012

student

ieee2011

SUNIV358

Password

abcd1234

admin

There’s an argument to be made that certain passwords, like those you might use to log into a professional organization’s website, shouldn’t be as secure as, say, an email password. An engineer using “123456” to log into the IEEE’s website may look silly but probably doesn’t have to worry about their more important accounts, which should have stronger passwords. Still, “password” and “abcd1234” are generally inadvisable passwords, no matter what. And it’s striking that the most popular passwords among these engineers are similar to a larger set of passwords from Yahoo users that were exposed this summer.